Merge remote-tracking branch 'origin/master' into scripts/cleanup-set…

…up-2
docker-mailserver · Feb 28, 2023 · 41d08e4 · 41d08e4
2 parents ae342ff + 9ead9a5
commit 41d08e4
Show file tree

Hide file tree

Showing 14 changed files with 260 additions and 286 deletions.
diff --git a/target/scripts/helpers/dhparams.sh b/target/scripts/helpers/dhparams.sh
diff --git a/target/scripts/helpers/index.sh b/target/scripts/helpers/index.sh
@@ -10,7 +10,6 @@ function _import_scripts
   source "${PATH_TO_SCRIPTS}/accounts.sh"
   source "${PATH_TO_SCRIPTS}/aliases.sh"
   source "${PATH_TO_SCRIPTS}/change-detection.sh"
-  source "${PATH_TO_SCRIPTS}/dhparams.sh"
   source "${PATH_TO_SCRIPTS}/dns.sh"
   source "${PATH_TO_SCRIPTS}/error.sh"
   source "${PATH_TO_SCRIPTS}/lock.sh"

diff --git a/target/scripts/helpers/ssl.sh b/target/scripts/helpers/ssl.sh
@@ -1,5 +1,24 @@
 #!/bin/bash
 
+function _setup_dhparam
+{
+  local DH_SERVICE=$1
+  local DH_DEST=$2
+  local DH_CUSTOM='/tmp/docker-mailserver/dhparams.pem'
+
+  _log 'debug' "Setting up ${DH_SERVICE} dhparam"
+
+  if [[ -f ${DH_CUSTOM} ]]
+  then # use custom supplied dh params (assumes they're probably insecure)
+    _log 'trace' "${DH_SERVICE} will use custom provided DH paramters"
+    _log 'warn' "Using self-generated dhparams is considered insecure - unless you know what you are doing, please remove '${DH_CUSTOM}'"
+
+    cp -f "${DH_CUSTOM}" "${DH_DEST}"
+  else # use official standardized dh params (provided via Dockerfile)
+    _log 'trace' "${DH_SERVICE} will use official standardized DH parameters (ffdhe4096)."
+  fi
+}
+
 function _setup_ssl
 {
   _log 'debug' 'Setting up SSL'

diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
@@ -1,13 +1,9 @@
 #!/bin/bash
 
+shopt -s globstar
+
 # ------------------------------------------------------------
 # ? >> Sourcing helpers & stacks
-#      1. Helpers
-#      2. Checks
-#      3. Setup
-#      4. Fixes
-#      5. Miscellaneous
-#      6. Daemons
 # ------------------------------------------------------------
 
 # shellcheck source=./helpers/index.sh
@@ -22,12 +18,6 @@ source /usr/local/bin/check-stack.sh
 # shellcheck source=./startup/setup-stack.sh
 source /usr/local/bin/setup-stack.sh
 
-# shellcheck source=./startup/fixes-stack.sh
-source /usr/local/bin/fixes-stack.sh
-
-# shellcheck source=./startup/misc-stack.sh
-source /usr/local/bin/misc-stack.sh
-
 # shellcheck source=./startup/daemons-stack.sh
 source /usr/local/bin/daemons-stack.sh
 
@@ -39,7 +29,6 @@ source /usr/local/bin/daemons-stack.sh
 
 function _register_functions
 {
-  _log 'info' 'Initializing setup'
   _log 'debug' 'Registering functions'
 
   # ? >> Checks
@@ -84,36 +73,32 @@ function _register_functions
     _register_setup_function '_setup_saslauthd'
   fi
 
-  [[ ${ENABLE_POSTGREY} -eq 1 ]] && _register_setup_function '_setup_postgrey'
-  [[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
-  [[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
-  [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]] && _register_setup_function '_setup_clamav_sizelimit'
-  [[ ${ENABLE_RSPAMD} -eq 1 ]] && _register_setup_function '_setup_rspamd'
   _register_setup_function '_setup_postfix_inet_protocols'
   _register_setup_function '_setup_dovecot_inet_protocols'
 
-  _register_setup_function '_setup_dkim_dmarc'
+  _register_setup_function '_setup_opendkim'
+  _register_setup_function '_setup_opendmarc' # must come after `_setup_opendkim`
+
+  _register_setup_function '_setup_security_stack'
+  _register_setup_function '_setup_rspamd'
+
   _register_setup_function '_setup_ssl'
   _register_setup_function '_setup_docker_permit'
   _register_setup_function '_setup_mailname'
-  _register_setup_function '_setup_amavis'
-  _register_setup_function '_setup_dmarc_hostname'
-  _register_setup_function '_setup_postfix_hostname'
   _register_setup_function '_setup_dovecot_hostname'
+
+  _register_setup_function '_setup_postfix_hostname'
   _register_setup_function '_setup_postfix_smtputf8'
   _register_setup_function '_setup_postfix_sasl'
-  _register_setup_function '_setup_security_stack'
   _register_setup_function '_setup_postfix_aliases'
   _register_setup_function '_setup_postfix_vhost'
   _register_setup_function '_setup_postfix_dhparam'
-  _register_setup_function '_setup_postfix_postscreen'
   _register_setup_function '_setup_postfix_sizelimits'
   _register_setup_function '_setup_fetchmail'
   _register_setup_function '_setup_fetchmail_parallel'
 
   # needs to come after _setup_postfix_aliases
-  [[ ${SPOOF_PROTECTION} -eq 1 ]] && _register_setup_function '_setup_spoof_protection'
-
+  _register_setup_function '_setup_spoof_protection'
 
   if [[ ${ENABLE_SRS} -eq 1  ]]
   then
@@ -129,16 +114,8 @@ function _register_functions
   _register_setup_function '_setup_mail_summary'
   _register_setup_function '_setup_logwatch'
 
-  # ? >> Fixes
-
-  _register_fix_function '_fix_var_mail_permissions'
-
-  [[ ${ENABLE_CLAMAV} -eq 0 ]] && _register_fix_function '_fix_cleanup_clamav'
-  [[ ${ENABLE_SPAMASSASSIN} -eq 0 ]] &&	_register_fix_function '_fix_cleanup_spamassassin'
-
-  # ? >> Miscellaneous
-
-  _register_misc_function '_misc_save_states'
+  _register_setup_function '_setup_save_states'
+  _register_setup_function '_setup_apply_fixes_after_configuration'
   _register_setup_function '_environment_variables_export'
 
   # ? >> Daemons
@@ -155,48 +132,27 @@ function _register_functions
     _register_start_daemon '_start_daemon_rspamd'
   fi
 
+  [[ ${SMTP_ONLY}               -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
+  [[ ${ENABLE_UPDATE_CHECK}     -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
+
   # needs to be started before SASLauthd
-  [[ ${ENABLE_OPENDKIM} -eq 1 ]] && _register_start_daemon '_start_daemon_opendkim'
-  [[ ${ENABLE_OPENDMARC} -eq 1 ]] && _register_start_daemon '_start_daemon_opendmarc'
+  [[ ${ENABLE_OPENDKIM}         -eq 1 ]] && _register_start_daemon '_start_daemon_opendkim'
+  [[ ${ENABLE_OPENDMARC}        -eq 1 ]] && _register_start_daemon '_start_daemon_opendmarc'
 
   # needs to be started before postfix
-  [[ ${ENABLE_POSTGREY} -eq 1 ]] &&	_register_start_daemon '_start_daemon_postgrey'
+  [[ ${ENABLE_POSTGREY}         -eq 1 ]] &&	_register_start_daemon '_start_daemon_postgrey'
 
   _register_start_daemon '_start_daemon_postfix'
 
   # needs to be started after postfix
-  [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_start_daemon '_start_daemon_saslauthd'
-  [[ ${ENABLE_FAIL2BAN} -eq 1 ]] &&	_register_start_daemon '_start_daemon_fail2ban'
-  [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && _register_start_daemon '_start_daemon_fetchmail'
-  [[ ${ENABLE_CLAMAV} -eq 1 ]] &&	_register_start_daemon '_start_daemon_clamav'
-  [[ ${ENABLE_AMAVIS} -eq 1 ]] && _register_start_daemon '_start_daemon_amavis'
+  [[ ${ENABLE_SASLAUTHD}        -eq 1 ]] && _register_start_daemon '_start_daemon_saslauthd'
+  [[ ${ENABLE_FAIL2BAN}         -eq 1 ]] &&	_register_start_daemon '_start_daemon_fail2ban'
+  [[ ${ENABLE_FETCHMAIL}        -eq 1 ]] && _register_start_daemon '_start_daemon_fetchmail'
+  [[ ${ENABLE_CLAMAV}           -eq 1 ]] &&	_register_start_daemon '_start_daemon_clamav'
+  [[ ${ENABLE_AMAVIS}           -eq 1 ]] && _register_start_daemon '_start_daemon_amavis'
   [[ ${ACCOUNT_PROVISIONER} == 'FILE' ]] && _register_start_daemon '_start_daemon_changedetector'
 }
 
-function _register_start_daemon
-{
-  DAEMONS_START+=("${1}")
-  _log 'trace' "${1}() registered"
-}
-
-function _register_fix_function
-{
-  FUNCS_FIX+=("${1}")
-  _log 'trace' "${1}() registered"
-}
-
-function _register_check_function
-{
-  FUNCS_CHECK+=("${1}")
-  _log 'trace' "${1}() registered"
-}
-
-function _register_misc_function
-{
-  FUNCS_MISC+=("${1}")
-  _log 'trace' "${1}() registered"
-}
-
 # ------------------------------------------------------------
 # ? << Registering functions
 # --
@@ -212,8 +168,6 @@ _register_functions
 _check
 _setup
 [[ ${LOG_LEVEL} =~ (debug|trace) ]] && print-environment
-_apply_fixes
-_start_misc
 _run_user_patches
 _start_daemons
 

diff --git a/target/scripts/startup/check-stack.sh b/target/scripts/startup/check-stack.sh
@@ -1,5 +1,13 @@
 #!/bin/bash
 
+declare -a FUNCS_CHECK
+
+function _register_check_function
+{
+  FUNCS_CHECK+=("${1}")
+  _log 'trace' "${1}() registered"
+}
+
 function _check
 {
   _log 'info' 'Checking configuration'

diff --git a/target/scripts/startup/daemons-stack.sh b/target/scripts/startup/daemons-stack.sh
@@ -1,5 +1,13 @@
 #!/bin/bash
 
+declare -a DAEMONS_START
+
+function _register_start_daemon
+{
+  DAEMONS_START+=("${1}")
+  _log 'trace' "${1}() registered"
+}
+
 function _start_daemons
 {
   _log 'info' 'Starting daemons'

diff --git a/target/scripts/startup/fixes-stack.sh b/target/scripts/startup/fixes-stack.sh
diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh
@@ -10,11 +10,13 @@ function _register_setup_function
 
 function _setup
 {
-  while read -r FILE
+  # requires `shopt -s globstar` because of `**` which in
+  # turn is required as we're decending through directories
+  for FILE in /usr/local/bin/setup.d/**/*.sh
   do
     # shellcheck source=/dev/null
     source "${FILE}"
-  done < <(find /usr/local/bin/setup.d/ -type f)
+  done
 
   _log 'info' 'Configuring mail server'
   for FUNC in "${FUNCS_SETUP[@]}"
@@ -99,6 +101,16 @@ function _setup_timezone
   fi
 }
 
+function _setup_apply_fixes_after_configuration
+{
+  _log 'trace' 'Removing leftover PID files from a stop/start'
+  find /var/run/ -not -name 'supervisord.pid' -name '*.pid' -delete
+  touch /dev/shm/supervisor.sock
+
+  _log 'debug' 'Checking /var/mail permissions'
+  _chown_var_mail_if_necessary || _shutdown 'Failed to fix /var/mail permissions'
+}
+
 function _run_user_patches
 {
   local USER_PATCHES='/tmp/docker-mailserver/user-patches.sh'